SCADA Emergency Incident Response

Overview

You knew it would happen someday, and that day has arrived. A security breach has been identified on your SCADA network, and the compromise could result in disruption of service, instability of control systems, or even loss of human lives. Worse yet, you realize you do not have the internal resources or expertise to investigate and determine the scope of the problem. And the CEO wants answers now. How can you reduce these risks and be prepared?

Key Benefits

The 911 SCADA package provides a proactive approach to minimizing the effects of a security incident for the utility industry. In the event of a breach, the Foundstone Professional Services Emergency Incident Response (IR) Team is ready to provide the answers your CEO wants. Staffed with experienced first responders, the IR team will take action immediately and help you through your crisis. Our experts provide the knowledge and tools to determine what happened and how to recover from the incident. As part of a holistic approach to identification, containment, and remediation, we combine the skills and experience of Foundstone’s IR team and SCADA specialists with the world-renowned expertise of the industry’s leading malware researchers at McAfee Labs.

Methodology

Foundstone Professional Services’ proven incident response (IR) methodology is current, consistent, relevant, and repeatable. We stay current on the latest threats and remediation techniques, and are consistent in following proven strategies to resolve complex incidents. Since every business and incident is unique, we tailor our approach so it is relevant to your environment and the crisis at hand. After each engagement, we enhance our methodology and knowledge base with the unique factors and lessons learned from the engagement.

The Foundstone Professional Services Emergency IR framework is based on a five-step process:

1. Investigation and assessment
2. Containment
3. Forensic capture and analysis
4. Remediation
5. Reporting and follow-up

A typical engagement ranges from three days to two weeks, depending on the scope of the security breach. During the investigation, assessment, and containment phases, we collaborate with you to determine if additional services are needed for remediation. A comprehensive report of our findings is provided to you at the end of the engagement.